Total
1196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2025-06-03 | N/A | 3.7 LOW |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2025-06-03 | N/A | 6.1 MEDIUM |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | |||||
| CVE-2024-1440 | 2025-06-02 | N/A | 5.4 MEDIUM | ||
| An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions. | |||||
| CVE-2024-25676 | 2025-05-30 | N/A | 4.7 MEDIUM | ||
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | |||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | N/A | 6.1 MEDIUM |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | |||||
| CVE-2025-5256 | 2025-05-29 | N/A | 5.4 MEDIUM | ||
| SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection via returnUrl Parameter: An Open Redirection vulnerability exists in the /s/action/unlock/user.user/0 endpoint. The returnUrl parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker. MitigationUpdate Mautic to a version that properly validates or sanitizes the returnUrl parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains. | |||||
| CVE-2025-47854 | 1 Jetbrains | 1 Teamcity | 2025-05-28 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | |||||
| CVE-2024-51321 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | N/A | 7.6 HIGH |
| In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. | |||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid Connect Authentication | 2025-05-28 | N/A | 6.1 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2022-40754 | 1 Apache | 1 Airflow | 2025-05-27 | N/A | 6.1 MEDIUM |
| In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | |||||
| CVE-2023-50456 | 1 Zammad | 1 Zammad | 2025-05-27 | N/A | 5.3 MEDIUM |
| An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. | |||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2025-05-27 | N/A | 6.1 MEDIUM |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2022-28977 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-27 | N/A | 6.1 MEDIUM |
| HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. | |||||
| CVE-2025-23183 | 2025-05-23 | N/A | 6.1 MEDIUM | ||
| CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2023-46750 | 1 Apache | 1 Shiro | 2025-05-22 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. | |||||
| CVE-2024-12561 | 2025-05-21 | N/A | 6.1 MEDIUM | ||
| The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2024-33661 | 1 Portainer | 1 Portainer | 2025-05-21 | N/A | 9.1 CRITICAL |
| Portainer before 2.20.0 allows redirects when the target is not index.yaml. | |||||
| CVE-2022-40083 | 1 Labstack | 1 Echo | 2025-05-21 | N/A | 9.6 CRITICAL |
| Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-41204 | 1 Sap | 1 Commerce | 2025-05-20 | N/A | 8.8 HIGH |
| An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. | |||||
| CVE-2024-7211 | 1 1e | 1 Platform | 2025-05-20 | N/A | 4.7 MEDIUM |
| The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | |||||